Protecting Privacy during On-Line Trust Negotiation

Seamons, Kent E.; Winslett, Marianne; Yu, Ting; Yu, Lina; Jarvis, Ryan

doi:10.1007/3-540-36467-6_10

Kent E. Seamons⁶,
Marianne Winslett⁷,
Ting Yu⁷,
Lina Yu⁶ &
…
Ryan Jarvis⁶

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2482))

Included in the following conference series:

International Workshop on Privacy Enhancing Technologies

1510 Accesses
30 Citations

Abstract

The dramatic growth of services and information on the Internet is accompanied by growing concerns over privacy. Trust negotiation is a new approach to establishing trust between strangers on the Internet through the bilateral exchange of digital credentials, the on-line analogue to the paper credentials people carry in their wallets today. When a credential contains sensitive information, its disclosure is governed by an access control policy that specifies credentials that must be received before the sensitive credential is disclosed. This paper identifies the privacy vulnerabilities present in on-line trust negotiation and the approaches that can be taken to eliminate or minimize those vulnerabilities. The paper proposes modifications to negotiation strategies to help prevent the inadvertent disclosure of credential information during online trust negotiation for those credentials or credential attributes that have been designated as sensitive, private information.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Bertino, E., Castano, S., Ferrari, E.: On Specifying Security Policies for Web Documents with an XML-based Language, Proceedings of Sixth ACM Symposium on Access Control Models and Technologies, Chantilly, Virginia (2001).
Google Scholar
Biskup, J.: For Unknown Secrecies Refusal is Better than Lying, Data & Knowledge Engineering 33, Elsevier Science, Amsterdam (2000).
Google Scholar
Bonatti, P., Samarati, P.: Regulating Service Access and Information Release on the Web, Proceedings of the 7th Conference on Computer and Communications Security, Athens, Greece (2000).
Google Scholar
Brands, S. A.: Rethinking Public Key Infrastructures and Digital Certificates, MIT Press, Cambridge, Massachusetts (2000).
Google Scholar
Forrester Press Release, Companies Must Adopt A Whole-View Approach To Privacy, http://www.forrester.com/ER/Press/Release/0,1769,514,00.html (2001).
Hess, A., Jacobson, J., Mills, H., Wamsley, R., Seamons, K. E., Smith, B.: Advanced Client/Server Authentication in TLS, Network and Distributed System Security Symposium, San Diego, CA, (2002).
Google Scholar
International Telecommunication Union, Recommendation X.509-Information Technology-Open Systems Interconnection-The Directory: Authentication Framework (1997).
Google Scholar
Persiano, P., Visconti, I.: User Privacy Issues Regarding Certificates and the TLS Protocol, in Proceedings of the 7th ACM Conference on Computer and Communications Security, Athens, Greece (2000).
Google Scholar
Platform for Privacy Preferences (P3P) Specification, W3C Working Draft 26 August (1999), http://www.w3.org/TR/WD-P3P/Overview.html.
Seamons, K. E., Winslett, M., Yu, T.: Limiting the Disclosure of Access Control Policies During Automated Trust Negotiation, Symposium on Network and Distributed System Security, San Diego (2001).
Google Scholar
Tygar, J. D.: Atomicity versus Anonymity: Distributed Transactions for Electronic Commerce, Proceedings of 24th International Conference on Very Large Data Bases, New York City, New York (1998).
Google Scholar
Winsborough, W. H., Li, N.:Towards Practical Automated Trust Negotiation, IEEE 3rd International Workshop on Policies for Distributed Systems and Networks, Monterey, CA, June (2002).
Google Scholar
Yu, T., Winslett, M., Seamons, K. E.: Interoperable Strategies in Automated Trust Negotiation, Proceedings of the 8th ACM Conference on Computer and Communications Security, Philadelphia, Pennsylvania (2001).
Google Scholar

Download references

Author information

Authors and Affiliations

Computer Science Department, Brigham Young University, Provo, UT, USA, 84602
Kent E. Seamons, Lina Yu & Ryan Jarvis
Department of Computer Science, University of Illinois at Urbana-Champaign, Urbana, IL, USA, 61801
Marianne Winslett & Ting Yu

Authors

Kent E. Seamons
View author publications
You can also search for this author in PubMed Google Scholar
Marianne Winslett
View author publications
You can also search for this author in PubMed Google Scholar
Ting Yu
View author publications
You can also search for this author in PubMed Google Scholar
Lina Yu
View author publications
You can also search for this author in PubMed Google Scholar
Ryan Jarvis
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

The Free Haven Project, 144 Lake St., Arlington, MA, 02474, USA
Roger Dingledine
Naval Research Laboratory, Washington, DC, 20375, USA
Paul Syverson

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Seamons, K.E., Winslett, M., Yu, T., Yu, L., Jarvis, R. (2003). Protecting Privacy during On-Line Trust Negotiation. In: Dingledine, R., Syverson, P. (eds) Privacy Enhancing Technologies. PET 2002. Lecture Notes in Computer Science, vol 2482. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36467-6_10

Download citation

DOI: https://doi.org/10.1007/3-540-36467-6_10
Published: 24 June 2003
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00565-0
Online ISBN: 978-3-540-36467-2
eBook Packages: Springer Book Archive

Publish with us

Policies and ethics